The physical location of a NoteID is specified in its RRV (Record Relocation Vector).
When a file or Document is deleted, Domino keeps a deletion stub so that it knows not to replace that file from a replica.
MAIL.BOX: Messages in a mail box fall into 3 basic states: Pending, Held, and Dead.
Dead - Dead mail represents mail which fails to be delivered to the intended recipient AND whose resulting Non-Delivery
report fails to be delivered to the originator of the message. A message in the 'Dead' state lists the recipient as the originator of
the message and the intended recipients as the list of people the originator of the message first sent it to. The icon which
appears next to mail in the 'Dead' state is:
Domino Server Tasks: A few lines in NOTES.INI define which server tasks are started when the server starts up, and also
which scheduled tasks are to run at various times during the day.
The ServerTasks= line lists the tasks to start as the server starts up. The scheduled tasks are listed in the
ServerTasksAt0= to ServerTasksAt23= lines. These specifications use the 24-hour clock, where 0 is midnight and
23 is 11:00 P.M.
Another option for scheduling tasks is the Program document in the Domino Directory.
By default, the following tasks are configured to start, depending on how the server has been configured:
• When the Quick and Easy Configuration setup option is selected, the tasks set to start at startup are
Router, Replica, Update, AMgr, AdminP, CalConn, Event, Sched, Stats, and Maps. Then
other tasks are added depending on which other client audience options are selected.
• When the Advanced Configuration setup option is selected, the tasks set to start at startup are AdminP, AMgr, Update,
Replica, Router, and Maps. Other tasks, such as CalConn, Event, Sched, and Stats, are
optionally added if selected. Other tasks are added if they are selected by name.
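One way to review these NOTES.INI lines during a server audit, as an added example that is not part of the original notes or of Domino itself: the Python sketch below parses NOTES.INI text, returns the startup and scheduled task lists, and flags startup tasks outside a baseline. The sample file contents, the function names, and the choice of the Advanced Configuration defaults as the baseline are assumptions made for illustration.

```python
import re

# Baseline: the startup tasks listed above for the Advanced Configuration
# setup option. Using this set as the "approved" list is an assumption.
ADVANCED_DEFAULTS = {"adminp", "amgr", "update", "replica", "router", "maps"}

# Constructed sample, not taken from a real server.
SAMPLE_NOTES_INI = """\
[Notes]
Directory=/local/notesdata
ServerTasks=Update,Replica,Router,AMgr,AdminP,Maps,HTTP,LDAP
ServerTasksAt1=Catalog
ServerTasksAt2=Updall
servertasksat24=Catalog
"""

# Matches ServerTasksAt<N>; setting names are compared case-insensitively
# here (an assumption of this example).
SCHEDULED_KEY = re.compile(r"^servertasksat(\d+)$", re.IGNORECASE)


def split_tasks(value):
    """Split a comma-separated task list, dropping empty entries."""
    return [task.strip() for task in value.split(",") if task.strip()]


def parse_server_tasks(ini_text):
    """Return (startup_tasks, {hour: [tasks]}, [problems]) for NOTES.INI text."""
    startup, scheduled, problems = [], {}, []
    for lineno, raw in enumerate(ini_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("[") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        key = key.strip()
        if key.lower() == "servertasks":
            startup = split_tasks(value)
            continue
        match = SCHEDULED_KEY.match(key)
        if match:
            hour = int(match.group(1))
            if 0 <= hour <= 23:  # 24-hour clock: 0 is midnight, 23 is 11 P.M.
                scheduled.setdefault(hour, []).extend(split_tasks(value))
            else:
                problems.append(f"line {lineno}: {key} is outside the 0-23 range")
    return startup, scheduled, problems


def unexpected_startup_tasks(startup, baseline=ADVANCED_DEFAULTS):
    """Startup tasks whose program name is not in the approved baseline."""
    return [task for task in startup if task.split()[0].lower() not in baseline]


if __name__ == "__main__":
    startup, scheduled, problems = parse_server_tasks(SAMPLE_NOTES_INI)
    print("Startup tasks:", ", ".join(startup))
    for hour in sorted(scheduled):
        print(f"Scheduled at {hour:02d}:00:", ", ".join(scheduled[hour]))
    print("Not in baseline:", ", ".join(unexpected_startup_tasks(startup)))
    for problem in problems:
        print("Problem:", problem)
```

Each task outside the baseline is a service to account for in the server's hardening record, since every extra startup task is additional code running under the server ID.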
AdminP
The Administration Process automates many administration tasks. This task has the following commands
available to modify its behavior while it is running:
tell adminp process all
Instructs the admin process to process all new and modified immediate/interval/daily/delayed requests.
tell adminp process daily
Instructs the admin process to process all new and modified daily requests.
tell adminp process delayed
Instructs the admin process to process all new and modified delayed requests.
tell adminp process interval
Instructs the admin process to process all immediate and interval requests.
tell adminp process new
Instructs the admin process to process all new requests.
tell adminp process people
Instructs the admin process to process all new and modified requests to update Person records within the
Domino Directory.
tell adminp process time
Instructs the admin process to process all new and modified requests to delete mail files that become
unlinked.
tell adminp show databases
Lists the databases that an administration server manages, and also lists databases that do not have an
administration server configured.
AMgr
The Agent Manager runs scheduled and triggered agents in Domino databases. This task has the following
commands available to modify its behavior while it is running:
tell amgr pause
Pauses the agent manager service, so no new agents can be scheduled for execution on the server.
tell amgr resume
Resumes the agent manager service, so new agents can be scheduled for execution on the server.
tell amgr schedule
Displays the scheduled agents that are to run today, and also the database in which they reside.
tell amgr status
Displays the status of the agent manager, and also configuration information of the agent manager from
the server document in the Domino Directory.
Agent Manager (AMgr) example: If a user is moved and certified under a new hierarchy, that too is considered renaming.
You can therefore enable an agent that sends the user an e-mail notification about name changes.
The rename tasks are:
• Change a Notes user’s common name
• Notify a user of a change to private design elements during a name change
• Rename a Web user
• Move a user name in the new hierarchy
• Upgrade a user name from flat to hierarchical
Notifying users of changes to private design elements during a name change
You can enable an agent that sends to the user an e-mail message notifying the user of a name change
and containing links to databases in which the user created or modified design elements such as a folder
or view. To update the private design elements with the user’s new name, the user must then open the
database via the database links in the e-mail notification. This update to the user name allows the user to
maintain access to their own private design elements. Enable the Mail Notification agent from within the
administration requests database (ADMIN4.NSF).
Note: The AdminP Mail Notification agent runs only on Domino Release 5.05 or more recent servers and
sends e-mail to Notes Release 5.05 or more recent clients.
1. From the Domino Administrator, click Server - Analysis.
2. Click Administration Requests (7).
3. Locate the administration request to rename the user and then open the request.
4. Choose Actions - Enable/Disable User Notification. The agent is enabled and automatically sends to
the user an e-mail message containing links to databases in which the user created or modified design
elements such as a folder or view.
5. Click OK.
Troubleshooting name changes
The public key in the Person document must match the one on the user ID. If a public key has been
changed or corrupted in some way, you see this message in the Administration Requests database: ″The
name to act on was not found in the Address Book.″
When you initiate a user’s name change, the user may be prompted to accept or reject the name change.
If the user rejects the name change, an administration request is generated that requires you to either
accept the user name reverting to the original name or reject the name reverting to the original user
name. The user is prompted if the user has selected the ″Ask your approval before name changes″ option
on the Notes Name Changes dialog box.
If the expiration date for the name change is reached and the user has not responded, an administration
request is issued asking you to accept a request to retract the name change. You can then either accept
the request to retract the name change, or you can reject that request. If you accept the name change
retraction, the administration requests for rejecting a name change are generated.
You can also move a user to another Organization; however, to do so, your Domino Directory must
contain cross-certificates between the Organizations involved.
Notes workstations and Domino servers use the Notes remote procedure call (NRPC) protocol running over the LAN’s
network protocol to communicate with other Domino servers.
Other client systems, such as Web browsers, Internet mail clients, wireless application protocol (WAP)
devices, and personal information management (PIM) devices, can also communicate with Domino
servers.
Isolated LANs can be connected by WANs. A WAN is either a continuous connection -- such as a
Frame-relay, leased telephone line, or digital subscriber line (DSL) -- or a dialup connection over a modem
or Integrated Services Digital Network (ISDN) line.
The foundation for communication between Notes workstations and Domino servers or between two Domino servers is the
Notes remote procedure call (NRPC) service.
If the network connection fails while the Domino server is writing to a database on the file server or
shared NAS server, the database can become corrupted.
NRPC service uses a combination of the Notes Name Service and DNS to resolve server names to
network addresses.
To configure server partitions to share the same IP address and the same NIC, you use port mapping.
With port mapping, you assign a unique TCP port number to each server partition and designate one
Partition to perform port mapping. The port-mapping partition listens on port 1352 and redirects Notes
and Domino connection requests to the other partitions.
Default port for NRPC: By default, all NRPC connections use TCP port 1352. Because the Internet
Assigned Number Authority (IANA) assigned Lotus Domino this port number, non-Domino applications
do not usually compete for this port.
Do not change the default NRPC port unless:
• You can use a NAT or PAT firewall system to redirect a remote system’s connection attempt.
• You are using Domino port mapping.
• You create a Connection document that contains the reassigned port number.
To change the default NRPC port number, use the NOTES.INI setting TCPIPportname_TCPIPAddress and
enter a value available on the system that runs the Domino server. TCP ports with numbers less than
5000 are reserved for application vendors. You may use any number from 1024 through 5000, as long as
you don’t install a new application that requires that number.
Note: When setting the NOTES.INI variables for port mapping, do not include a zone in a port mapped
address. The zone is only valid locally.
Default ports for Internet services: You may occasionally need to change the number of the TCP or SSL
port assigned to an Internet service. Lotus Domino uses these default ports for Internet services:
Service             Default TCP port    Default SSL port
POP3                110                 995
IMAP                143                 993
LDAP                389                 636
SMTP inbound        25                  465
SMTP outbound       25                  465
HTTP                80                  443
IIOP                63148               63149
Server Controller   N/A                 2050
Server Types:
• Domino Utility Server -- Installs a Domino server that provides application services only, with
support for Domino clusters. The Domino Utility Server removes client access license
requirements. Note that it does NOT include support for messaging services. See full licensing text
for details.
• Domino Messaging Server -- Installs a Domino server that provides messaging services. Note that
it does NOT include support for application services or Domino clusters.
• Domino Enterprise Server -- Installs a Domino server that provides both messaging and
application services, with support for Domino clusters.
Create a replica of the Certification Log on every server that is a registration server and on every server
that stores a Domino Directory that is used for user management -- for example, renaming and
recertifying users. If the server whose Domino Directory replica you are using does not have a
Certification Log, user-management actions will fail.
Server registration
Before you install and set up additional servers, you must register them. In effect, registering a server
adds the server to the system. The server registration process creates a Server document for the server in
the Domino Directory and creates a server ID. After registering and installing a server, you use the Server
Setup program to obtain a copy of the Domino Directory for the new server and to set up the server to
run particular services and tasks -- for example, the HTTP service, the Mail Router, and so on.
Partitioned servers
Using Domino server partitioning, you can run multiple instances of the Domino server on a single
computer. By doing so, you reduce hardware expenses and minimize the number of computers to
administer because, instead of purchasing multiple small computers to run Domino servers that might
not take advantage of the resources available to them, you can purchase a single, more powerful
computer and run multiple instances of the Domino server on that single machine.
On a Domino partitioned server, all partitions share the same Domino program directory, and thus share
one set of Domino executable files. However, each partition has its own Domino data directory and
NOTES.INI file; thus each has its own copy of the Domino Directory and other administrative databases.
If one partition shuts down, the others continue to run. If a partition encounters a fatal error, Domino’s
fault recovery feature restarts only that partition, not the entire computer.
Partitioned servers can provide the scalability you need while also providing security. As your system
grows, you can migrate users from a partition to a separate server. A partitioned server can also be a
member of a cluster if you require high availability of databases. Security for a partitioned server is the
same as for a single server.
When you set up a partitioned server, you must run the same version of Domino on each partition.
However, if the server runs on UNIX®, there is an alternative means to run multiple instances of Domino
on the server: on UNIX, you can run different versions of Domino on a single computer, each version
with its own program directory. You can even run multiple instances of each version by installing it as a
Domino partitioned server.
Deciding whether to use partitioned servers
Whether or not to use partitioned servers depends, in part, on how you set up Domino domains. A
partitioned server is most useful when the partitions are in different Domino domains. For example,
using a partitioned server, you can dedicate different Domino domains to different customers or set up
multiple Web sites. A partitioned server with partitions all in the same Domino domain often uses more
computer resources and disk space than a single server that runs multiple services.
When making the decision to use partitioned servers, remember that it is easier to administer a single
server than it is to administer multiple partitions.
There are two types of certifier IDs: organization and organizational unit.
You can create up to four levels of organizational unit certifiers.
Each time you create a certifier ID, Domino creates a certifier ID file and a Certifier document. The ID file
contains the ID that you use to register servers and users. The Certifier document serves as a record of
the certifier ID and stores, among other things, its hierarchical name, the name of the certifier ID that
issued it, and the names of certificates associated with it.
User Registration Queue (USERREG.NSF): This database contains information on users pending registration. When you
exit the Register Person dialog box, you can save all users pending registration and register them later. When you access the
dialog box again, the User Registration Queue automatically opens to display all users pending registration.
You can also register users by importing them from a text file or migrating them from a foreign directory.
Registering users
You can use any of these methods to register Notes users:
• Basic user registration
• Advanced user registration
• Text file registration
• Registration settings
• Migration tools registration (for people using an external mail system or directory). The following list details the types of
users you can migrate into Notes:
  * Microsoft Exchange
  * LDIF (from an LDAP directory)
  * LDAP
  * Windows 2000/Windows 2003
  * Active Directory
• Basic user registration from the Web Administrator
• Advanced user registration from the Web Administrator
whether you need to import users from a foreign mail system or directory, and whether your
user settings are in a text file.
Moving a user’s mail file and roaming files from the Domino Administrator
You may need to move mail files when you need more space on a server or when users change jobs.
When a mail file is moved, the Administration Process first moves it to a new server, then issues a
request to delete the old mail file from its original mail server. You must approve this mail file deletion.
The Administration Process also changes the information in the ″Mail file name″ and ″Mail server″ fields
in the user’s Location document.
To move only a mail file
1. To move a user’s mail files, you must have:
• Editor access with Create documents role, or Author access with the UserModifier role in the
Domino Directory
2. From the Domino Administrator or Web Administrator, click the People & Groups tab.
3. Click People and select the person whose mail file you are moving.
4. Click Move to Another server.
5. Choose a destination server to which you are moving the mail file. If the destination server you
choose is a clustered server, it appears ″checked″ in the Additional mail server field on this dialog
box.
6. (Optional) Enter a new directory to which the mail file should be moved. You can accept the default
of mail\.
7. (Optional) Click Link to Object Store if you are using shared mail and want to link the mail file to
the object store.
8. (Optional) Choose one of these:
• From the Domino Administrator, click Remove all mail replicas if the server is in a cluster and
you want all mail replicas to be deleted.
• From the Web Administrator, click Delete old replicas if the server is in a cluster and you want to
delete mail file replicas from a cluster.
9. If you are working with clustered servers, you can select additional servers in the cluster to which
the mail database can be moved. To select additional servers, click the check box next to the server
name in the Additional mail server field.
10. Click OK.
11. Click Close.
To approve the mail file deletion
When the mail file is on the new mail server, you must approve the mail file deletion in the
Administration Requests database (ADMIN4.NSF).
1. From the Domino Administrator or the Web Administrator, click Server - Analysis - Administration
Requests (7).
2. Choose the Pending Administrator Approval view.
3. Locate the Approve mail file deletion request and open that request.
4. Click ″Edit Document.″ Review the request.
5. Click ″Approve Mail File Deletion.″
6. Click Save and Close.
Replication: Keep in mind that two replicas will contain slightly different content between replications. If users need
access to the most up-to-date information in a database, you can create replicas on clustered servers and then set up replication
in clusters. In a cluster, all replicas are always identical because each change immediately replicates to other servers in the
cluster.
Because replication transfers only changes to a database, the network traffic, server time, and connection costs are kept to a
minimum. During scheduled replication, by default, the initiating server first pulls changes from the destination server and
then pushes changes to the destination server. As an alternative, you can schedule replication so that the initiating server and
destination server each pull changes or so that the initiating server pulls changes only or pushes changes only.
How server-to-server replication works
For server-to-server replication, the Replicator on one server calls another Domino server at scheduled
times. By default, the Replicator is loaded at server startup.
To schedule replication between servers, the servers must be able to connect to each other in order to
update replicas. You may need to create Connection documents to enable server connections, depending
on your server topology.
For replication to occur properly, you must assign servers the appropriate access in the database ACL.
Remove documents not modified in the last x days: The number of days specified here, known as the
purge interval, controls when Domino purges deletion stubs from a database.
Deletion stubs are markers that remain from deleted documents so that Domino knows to delete documents in other replicas of
the database. Because deletion stubs take up disk space, Domino regularly removes deletion stubs that are at least as old as the
value specified. It checks for deletion stubs that require removal at 1/3 of the purge interval. For example, assuming the
default value, 90 days, when a user opens a database, Domino checks if it has been at least 30 days since it removed deletion
stubs, and if so it removes any deletion stubs that are at least 90 days old. The Updall task, which runs by default at 2:00 AM,
also removes deletion stubs.
You can shorten the purge interval, if you want, but be sure to replicate more frequently than the purge
interval; otherwise, deleted documents can be replicated back to the replica.
Optionally, you can select the check box to remove documents in the replica that haven’t changed within
the purge interval. If you select the check box, when Domino removes deletion stubs it also removes
documents that haven’t changed within the specified number of days. These documents are purged,
meaning no deletion stubs remain for the documents, so the documents aren’t deleted in other replicas.
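The purge-interval rule above, worked through as an added example that is not part of the original notes: the Python sketch below models two replicas, applies the purge check as described (a check once 1/3 of the purge interval has passed, removing stubs at least as old as the interval), and shows when a deleted document is replicated back. The Replica class, the function names, and the replication rule (newest change wins, a note missing on one side is copied from the other) are a simplified model assumed for illustration, not Domino's replicator.

```python
from dataclasses import dataclass, field


@dataclass
class Replica:
    purge_interval: int                        # days, the purge interval setting
    notes: dict = field(default_factory=dict)  # note_id -> (kind, modified_day)
    last_purge_check: int = 0

    def create(self, note_id, day):
        self.notes[note_id] = ("doc", day)

    def delete(self, note_id, day):
        # A delete leaves a deletion stub so other replicas learn about it.
        self.notes[note_id] = ("stub", day)

    def maybe_purge(self, today):
        """Run the purge check only if at least 1/3 of the purge interval has
        passed since the last check; remove stubs that are at least
        purge_interval days old. Returns the purged note ids."""
        if today - self.last_purge_check < self.purge_interval / 3:
            return []
        self.last_purge_check = today
        expired = [note_id for note_id, (kind, day) in self.notes.items()
                   if kind == "stub" and today - day >= self.purge_interval]
        for note_id in expired:
            del self.notes[note_id]
        return expired


def replicate(a, b):
    """Simplified two-way exchange: the most recently modified version of a
    note wins, and a note unknown to one side is copied to it."""
    for note_id in set(a.notes) | set(b.notes):
        versions = [v for v in (a.notes.get(note_id), b.notes.get(note_id)) if v]
        newest = max(versions, key=lambda version: version[1])
        a.notes[note_id] = b.notes[note_id] = newest


def deleted_doc_returns(purge_interval, replication_every, days=400):
    """True if a document deleted on the hub is a live document there again
    at the end of the simulated period."""
    hub, spoke = Replica(purge_interval), Replica(purge_interval)
    hub.create("note-1", 0)
    replicate(hub, spoke)        # both replicas now hold the document
    hub.delete("note-1", 1)      # stub exists only on the hub for now
    for day in range(2, days + 1):
        hub.maybe_purge(day)
        spoke.maybe_purge(day)
        if day % replication_every == 0:
            replicate(hub, spoke)
    return hub.notes.get("note-1", (None, None))[0] == "doc"


if __name__ == "__main__":
    for interval, gap in [(90, 7), (90, 150), (30, 45)]:
        outcome = "comes back" if deleted_doc_returns(interval, gap) else "stays deleted"
        print(f"purge interval {interval}d, replication every {gap}d: document {outcome}")
```

With the default 90-day interval, weekly replication carries the stub to the other replica before it is purged; a 150-day gap lets the stub expire first, so the stale copy is treated as a new document and the deletion is undone.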
Receive summary and 40KB of rich text only: If you select this setting, Domino prevents large
attachments from replicating and shortens the documents that this replica receives. The shortened
documents contain only a document summary that includes basic information, such as the author and
subject, and the first 40K of rich text.
When users open a shortened document, they see ″(TRUNCATED)″ in the document title. To view the
entire document, users open it and choose Actions - Retrieve Entire Document.
Replication priority doesn’t apply to replicas on a cluster of servers. Cluster replication occurs whenever
a change occurs, not according to schedules in Connection documents.
Note: A database that doesn’t replicate should have at least one server in its ACL to serve as the
administration server for the database. This allows the Administration Process on a server to update
names in the ACL when names in the organization change.
Note: Do not use the server’s common name when replicating servers. Only the server’s full hierarchical
name should be used during server-to-server replication. This applies to all instances of server-to-server
replication.
By default, Domino uses Pull-Push as the replication direction. However, you can specify a different
replication direction.
• Pull-Push, the default replication direction, is a two-way process in which the calling server pulls
updates from the answering server and then pushes its own updates to the answering server. Using
Pull-Push, the replicator task on the calling server performs all the work.
• Pull-Pull is a two-way process in which two servers exchange updates. Using Pull-Pull, two replicators
-- one on the calling server and one on the answering server -- share the work of replication.
• Push-only is a one-way process in which the calling server pushes updates to the answering server.
One-way replication always takes less time than two-way replication.
• Pull-only is a one-way process in which the calling server pulls updates from the answering server.
One-way replication always takes less time than two-way replication.
When you force immediate server-to-server replication, you can initiate replication in one or in both directions.
The calendar and scheduling features use the Schedule Manager (Sched task), the Calendar Connector
(Calconn task), and the Free Time system (a combination of Sched, Calconn, and nnotes tasks) to operate.
When you install Domino on a server (any server except a directory server), the Sched and Calconn tasks
are automatically added to the server’s NOTES.INI file. When you start the server for the first time, the
Schedule Manager creates a Free Time database (BUSYTIME.NSF for non-clustered mail servers and
CLUBUSY.NSF for clustered mail servers) and creates an entry in the database for each user who has
filled out a Calendar Profile and whose mail file is on that server or on one of the clustered servers.
When users invite other users to meetings, the Free Time system performs the free-time lookups. The Free Time system also
searches for and returns information on the availability of resources. If the lookup involves searching in Free Time systems on
different servers or scheduling applications, the Calendar Connector sends out the queries. When users schedule appointments
in their calendars and reserve resources, the Schedule Manager task collects and updates that information in the Free Time
database.
By default, the Schedule Manager has access to the Free Time database, so you do not have to define the
ACL for this database.
For clustered mail servers, the Schedule Manager creates the clustered Free Time database
(CLUBUSY.NSF) the first time a server starts.
The effective policy for a user is a set of derived policy settings that are dynamically calculated at the
time of execution.
In addition to organizational policies, users may also have explicit policies assigned to them. In that case,
the order of resolution is that all organization policy settings are resolved first, then any explicit policy
settings are resolved.
Domain Search
Notes and Web users can use Domain Search to search an entire Domino domain for database
documents, files, and attachments that match a search query.
To support Domain Search, you need to designate a Domino server as the indexing server, which builds a
domain wide index that all Domain Search queries run against. In order for the indexing server to build
the index, you must first create a Domain Catalog on the server -- a database that controls which
databases and file systems get indexed.
It is best to set up the Domain Catalog on the same server that indexes the Domino domain. If you have
a very large number of databases to catalog, you can decrease network traffic by running the Catalog task
nightly on all servers. That way, when the Catalog task runs on the server that contains the Domain
Catalog, the Domain Catalog uses pull replication from the local catalogs rather than spiders every
database.
The Domain Catalog, a database that uses the CATALOG.NTF template, controls which databases and file
systems get indexed for Domain Search. Even if your organization is not implementing Domain Search,
the Domain Catalog is a useful administrative tool for such tasks as keeping track of the location of
database replicas.
You create the Domain Catalog by enabling the Catalog task on the server that will index the Domino
domain.
The Administration Process: The Administration Process is a program that automates many routine administrative
tasks.
Administration servers
Administration servers control how the Administration Process does its work. You specify an
administration server for the Domino Directory and for specific databases. By default, the first Lotus
Domino server you set up in a domain is the administration server for the Domino Directory. The
administration server for the Domino Directory maintains the Domino Directory’s ACL, performs deletion
and name change operations in that Domino Directory, and these changes are replicated to other servers
in the domain. If you have multiple directories in your domain -- not replicas of other domain’s
directories, but more than one of your own -- you can specify an administration server for each of the
directories in your domain. Do not specify an administration server in your domain for a replica of
another domain’s Domino Directory.
Every server in the domain stores a replica of the Administration Requests database and
the Domino Directory.
If the domain has only a few servers, consider using one administration server for both the Domino
Directory and for other databases.
A second option involves using a dedicated registration server as the administration server for the
Domino Directory. You limit this server’s responsibility to the processing of Domino Directory changes.
You can then use other servers, such as database hubs, for processing ACL changes to other databases. To
do so, specify the database hub as the administration server for those databases. You can divide the
responsibility for database ACL changes among several administration servers; but, you must make sure
that when there are multiple replicas of a database in the domain, you assign an administration server for
only one replica.
Using a server that contains mail and other databases as the administration server for the Domino
Directory is possible, but is not recommended for performance reasons.
Always run the most recent version of Lotus Domino 7 on the administration server of the Domino
Directory and the extended administration servers, so that you can use all of the newest Administration
Process features.
The Administration Process uses administration servers to manage administrative changes that apply to
databases.
• Create the necessary cross-certificate documents in the Domino Directory. Requests going to another
domain require cross certificates between the two domains.
• Create a Connection document in the Domino Directory allowing a server in one domain to connect to
a server in another domain. Each domain must have a Connection document.
• Create one or more Cross-domain Configuration documents in the administration requests database for
each domain from which you will import administration requests and to which you will export
administration requests.
• Set up an administration server for the outbound domain to allow processing of the outbound
requests.
The Administration Requests database contains Cross-domain Configuration documents that specify how
domains exchange and process administration requests. When you configure a Cross-domain
Configuration document, you designate the trusted entities, which are persons, servers, or certifiers.
The Domino Console functions strictly as a server console. Consequently, the Domino Console doesn’t
include the full set of Domino administration features that are available through the Domino Administrator and the Web
Administrator, and you can’t use it to open and manage Notes databases.
The files needed to run the Server Controller and to run the Domino Console are provided with Domino
and Notes.
Start the Server Controller using the same command you normally use to start the Domino server but
append the argument -jc. For example, if you run a server on Windows XP from the directory
c:\lotus\domino using a shortcut icon on the Desktop, use the following target for the shortcut:
c:\lotus\domino\nserver.exe -jc
You can minimize a Server Controller window, but do not close or kill the window to stop the Server Controller. Instead, use
the Controller Quit command from a console to stop a Server Controller and the server it controls.
You can run the Domino Console from any machine on which a Domino server or the Domino
Administrator is installed. To use the Domino Console to communicate with a Domino server, the server
must be running under a Server Controller.
Run the following command directly from the program directory, or from a directory path that points
to the program directory:
jconsole
Setting up Domino Active Directory synchronization
When the Domino server is installed on a Windows 2000 server, as an administrator, you typically need
to maintain two separate directories for the same set of people and groups. Maintaining user and group
information involves adding entries to both directories, deleting entries, ensuring that passwords are the
same when users use Notes Single Logon, coordinating group membership in both directories, and
ensuring that user or group settings, such as e-mail addresses and telephone numbers, are identical.
Lotus Domino includes a set of tools to make synchronization between Domino and Active Directory(R) simple and
easy. The Active Directory Domino Upgrade Service (AD DUS) is a tool that you can use with Active Directory
synchronization (ADSync) when you have data in your Active Directory and you have just installed Domino. AD DUS
can optionally be used to migrate all or a set of your Active Directory users. After you’ve done that, you can start using
ADSync to maintain those users in Active Directory and in Domino.
User options are available to register Notes users in Active Directory. In the Domino Administrator’s user registration
interface, there is a ″Windows User Options″ button on the Other panel of the Register Person - New Entry dialog box.
You can select options to register a user in Active Directory at the same time that the user is registered in Domino. This
is essentially the opposite of what ADSync does. Regardless of the tool with which you register a new user in both directories,
you can use ADSync to
synchronize and delete users from both directories. You can also use ADSync to rename users in both
directories.
You must have a properly certified Notes ID and appropriate access to make any changes to a Domino
Directory from Notes or Windows 2000, and have the appropriate rights if you are going to use the
Domino server-defined certification authority (CA) to certify users on Domino. Use a Lotus Notes 6 or
more recent client, and Lotus Domino 6 or more recent server as your registration server.
These directory synchronization features let you keep both the Domino Directory and Active Directory
current without having to update both when either changes. Also, you can manage user and group
information in the Domino Directory and the Active Directory through a single interface of your choice,
either Domino or Windows 2000.
* Make sure Active Directory and Domino server R6.5 or later are installed. Install, but do not run, the Domino Administrator.
* Open a command prompt. From your Notes install directory, type:
regsvr32 nadsync.dll
A message box appears indicating that registration is complete. This can take up to one minute.
* Run the Domino Administrator and complete the configuration process.
* From the Domino Administrator, create an organizational policy or an explicit policy and a
Registration policy settings document. You must have at least one policy to use with ADSync.
For more information on policies, see the chapter "Using Policies."
* From the Start menu, click Programs - Administrative Tools - Active Directory Users and Computers.
Click the Lotus Domino Options folder.
* Right-click Domino Directory synchronization and then choose Options.
* Enter your Notes password.
* Click the Notes Settings tab.
* Click the Notes Server for Registration button and specify a registration server. This is typically the
administration server of the Domino Directory.
* Click OK.
* Close and restart Active Directory Users and Computers to allow these changes to take effect.
During synchronization, ADSync attempts to match the Active Directory object with an entry in the
Domino Directory. If more than one match is found, ADSync prompts you to specify the match from
those that have been located.
Each Domino domain has at least one administration server for the Domino Directory. The administration
server is responsible for carrying out Administration Process requests that automate changes to the
Domino Directory. By default, the first server set up in a domain is the administration server for the
Domino Directory.
Lightweight Directory Access Protocol (LDAP) is a standard Internet protocol for searching and managing
entries in a directory.
The Domino Directory is a database that Domino creates automatically on every server. The Domino
Directory is a directory of information about users, servers, and groups, as well as custom entries you
may add. Registering users and servers in a domain automatically creates corresponding Person
documents and Server documents in the Domino Directory for the domain.
The Domino Directory is also a tool that administrators use to manage the Domino system. For example,
administrators create documents in the Domino Directory to connect servers for replication or mail
routing, to schedule server tasks, and so on.
When a server runs the LDAP service, the Domino Directory is accessible through the Lightweight
Directory Access Protocol (LDAP).
Typically, a Domino Directory is associated with a Domino domain. When you set up the first server in a
Domino domain, Domino automatically creates the Domino Directory database and gives it the file name
NAMES.NSF. When you add a new server to the domain, Domino automatically creates a replica of the
Domino Directory on the new server.
By default the LDAP task listens for LDAP client requests over TCP/IP port 389, and accepts both
anonymous connections, and connections that bind using name-and-password security. The LDAP service
can also listen for requests over an SSL port, usually port 636.
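Because the LDAP task accepts anonymous connections by default, an administrator will usually want to confirm whether a given server still does. The following is an added example, not part of the original notes or of any Lotus tooling: it builds an LDAPv3 anonymous bind request (BER encoding per RFC 4511) and reads the result code from the server's BindResponse. The function names and the two sample responses are constructed for illustration.

```python
import socket

def ber_len(n):
    """Encode a BER definite length."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, value):
    """Encode one BER tag-length-value element."""
    return bytes([tag]) + ber_len(len(value)) + value

def anonymous_bind_request():
    """LDAPv3 BindRequest (messageID 1) with empty DN and empty password."""
    bind = tlv(0x60,                   # [APPLICATION 0] BindRequest
               tlv(0x02, b"\x03")      # version 3
               + tlv(0x04, b"")        # name: empty DN = anonymous
               + tlv(0x80, b""))       # simple authentication, empty password
    return tlv(0x30, tlv(0x02, b"\x01") + bind)

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER element")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                   # long form: next n bytes hold the length
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def bind_result_code(response):
    """Extract resultCode from an LDAPMessage that carries a BindResponse."""
    tag, msg, _ = read_tlv(response, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _, pos = read_tlv(msg, 0)       # skip messageID
    tag, body, _ = read_tlv(msg, pos)
    if tag != 0x61:                    # [APPLICATION 1] BindResponse
        raise ValueError("not a BindResponse")
    tag, code, _ = read_tlv(body, 0)   # ENUMERATED resultCode
    if tag != 0x0A:
        raise ValueError("missing resultCode")
    return int.from_bytes(code, "big")

def accepts_anonymous_bind(response):
    """True when the server answered the anonymous bind with success (0)."""
    return bind_result_code(response) == 0

def probe(host, port=389, timeout=5.0):
    """Run the check against a directory server you administer."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(anonymous_bind_request())
        return accepts_anonymous_bind(s.recv(4096))

# Constructed sample BindResponse messages (not captured from a real server).
SAMPLE_SUCCESS = bytes.fromhex("300c02010161070a010004000400")
SAMPLE_REFUSED = bytes.fromhex("300c02010161070a013004000400")  # resultCode 48

if __name__ == "__main__":
    print(accepts_anonymous_bind(SAMPLE_SUCCESS), accepts_anonymous_bind(SAMPLE_REFUSED))
```

A successful anonymous bind only shows that the connection is accepted; what an anonymous client can then read depends on the directory's access settings.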
A directory catalog is an optional directory database that typically contains information aggregated from
multiple Domino Directories. Clients and servers can use a directory catalog to look up mail addresses
and other information about the people, groups, mail-in databases, and resources throughout an
organization, regardless of the number of Domino domains and Domino Directories the organization
uses. A directory catalog includes the type of information that is important for directory services, and
excludes other types of information that are part of a Domino Directory, for example Domino
configuration information, such as information in Connection documents.
There are two types of directory catalogs: condensed Directory Catalogs and Extended Directory
Catalogs.
Extended ACL: The access set for a user in an extended ACL can never exceed the access the database ACL, including
the database ACL privileges and roles, allows the user. For example, if the database ACL allows a user only Reader access,
you can’t use the extended ACL to allow Write access. Or if a user is omitted from
the database ACL User Creator role, you can’t use the extended ACL to allow the user Create access to
Person documents.
The Lotus Notes client and the Domino mail router (the Router) create and send messages in the format
(MIME or Notes rich text) appropriate for each recipient, as determined from the address format and
settings in the recipient’s Person document. If conversion between formats is necessary, Domino performs
the conversion automatically.
The Router uses information in the Domino Directory to determine where to send messages and what
transfer protocol to use. For messages sent over SMTP, the Router also uses information from the Domain
Name System (DNS).
The Lotus Domino server and Lotus Notes client support both Internet standards and Notes protocols for
message routing, retrieval, and formatting. On the server, the Domino mail router (the Router) can send
and receive messages using the Simple Mail Transfer Protocol (SMTP) and Notes Remote Procedure Calls
(NRPC), or Notes routing. To enable users to retrieve mail, the server supports the Internet access
protocols, IMAP and POP3, as well as NRPC. In addition, the Domino HTTP service interacts with
Domino mail databases to provide mail service for HTTP clients, such as the Domino Web Access client.
Domino sends and stores messages in both MIME format and Notes rich text format, and the Notes client
creates and sends messages in either format.
Mail clients retrieve messages from the server using NRPC, IMAP and POP3. In addition, Web clients,
such as the Domino Web Access client, access mail through the Domino HTTP service. The Notes client
sends and retrieves mail using NRPC, or Internet protocols (SMTP, IMAP and POP3).
If the recipient’s home server is the current server, the Router will deliver the message. If it
is a different server, the Router consults the routing table to determine the best route, or least-cost path,
for transferring the message to the destination home server and routes the message along that path.
By default, Domino uses Notes Remote Procedure Calls (NRPC) -- also called Notes routing or the Notes
routing protocol -- to transfer mail between servers. Notes routing uses information in the Domino
Directory to determine where to send mail addressed to a given user. Notes routing moves mail from the
sender’s mail server to the recipient’s mail server. The Router for the sender’s server determines the next
server to move the message to -- or in other words, the next "hop" on the path to the message’s
destination. Each server uses its routing table to calculate the next hop along the route to the destination
server.
* On a different server in the same Notes named network: If the sender and recipient don’t share a mail server, the Router
checks the Domino Directory to determine whether the servers are in the same Domino domain.
If the Server document for the destination server is found within the Domino Directory, the Router
checks that document to determine the network information for the server. On the Ports - Notes Network
Ports tab of the Server document, the server is assigned to one or more Notes named networks (NNNs).
A Notes named network is a group of servers in a given Domino domain that share a common protocol
and are connected by a LAN or modem connections.
* On a server in a different Notes named network within the local Domino domain: If the sender’s and recipient’s mail servers
are in the same Domino domain, but don’t share either a mail server or a Notes named network, for transfer to succeed there
must be some connection between the two networks. Connections between Notes named networks can be achieved by two
means:
* Using a "bridge" server that is a member of multiple Notes named networks: Two networks in the same domain can
communicate with each other in the absence of a Connection document if any one server is a member of both networks.
Servers that reside in multiple networks can act as a bridge between networks running diverse protocols. For example, if you
have one Notes named network running TCP/IP and another running SPX, you can set up a server that runs both protocols to
be a member of both Notes named networks. This server acts as a bridge between the networks.
When a user in the TCP/IP network sends a message to someone in the SPX network, the Router
transfers the message from MAIL.BOX on the sender’s server to MAIL.BOX on this "bridge" server.
You can create a Connection document between two domains whenever there is a direct physical connection between them.
1. The sending server checks the recipient’s address, which is in the format localpart@domain, and looks
up the domain in the Domain Name System (DNS).
2. DNS returns the Mail Exchanger (MX) record for the domain, indicating the IP address of the servers
in the domain that accept mail over SMTP.
3. The sending server connects to the destination server over TCP/IP, establishes an SMTP connection
on port 25, transfers the message, and closes the connection.
Mail servers also use other DNS records. For example, servers that receive Internet mail perform a
reverse lookup to a DNS PTR record to determine the host name for a given IP address. Reverse lookups
are useful in verifying the source of a message.
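The reverse-lookup check described above, as an added example that is not part of the original notes: a forward-confirmed reverse DNS test, in which the PTR name found for the connecting IP address must itself resolve back to that address. The resolver here is a lookup table of constructed records (reserved documentation addresses and example names) so the block runs offline; the function names are assumptions, and a real DNS resolver can be passed in as `resolve`.

```python
import ipaddress

# Constructed DNS records for illustration (reserved documentation ranges/names).
RECORDS = {
    ("10.2.0.192.in-addr.arpa", "PTR"): ["mail.example.com"],
    ("mail.example.com", "A"): ["192.0.2.10"],
    # The PTR for .20 claims a name whose A record points elsewhere.
    ("20.2.0.192.in-addr.arpa", "PTR"): ["mail.example.com"],
    # Two PTR names; only the second resolves back to the address.
    ("7.113.0.203.in-addr.arpa", "PTR"): ["old.example.net", "mx7.example.net"],
    ("old.example.net", "A"): ["203.0.113.99"],
    ("mx7.example.net", "A"): ["203.0.113.7"],
}

def table_resolver(name, rtype):
    """Stand-in resolver: return the constructed records for (name, type)."""
    return RECORDS.get((name.rstrip(".").lower(), rtype), [])

def verify_source(ip, resolve=table_resolver):
    """Return (verdict, ptr_name) for the IP address of a connecting mail server.

    verdict is "confirmed" when some PTR name resolves back to the same IP,
    "ptr-unconfirmed" when PTR records exist but none resolves back, and
    "no-ptr" when the reverse lookup returns nothing.
    """
    addr = ipaddress.ip_address(ip)
    ptr_names = resolve(addr.reverse_pointer, "PTR")
    if not ptr_names:
        return ("no-ptr", None)
    rtype = "A" if addr.version == 4 else "AAAA"
    for name in ptr_names:
        for value in resolve(name, rtype):
            try:
                if ipaddress.ip_address(value) == addr:
                    return ("confirmed", name)
            except ValueError:
                continue              # ignore malformed address data
    return ("ptr-unconfirmed", ptr_names[0])

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "203.0.113.7", "198.51.100.1"):
        print(ip, verify_source(ip))
```

The forward confirmation matters because whoever controls the reverse zone for an address can publish any name in its PTR record; the name is only trustworthy when the name's own zone points back to the same address.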
To provide users with the ability to work offline and use Sametime, you can integrate Domino Web
Access with Domino Off-Line Services (DOLS) and IBM Lotus Sametime (instant messaging). DOLS
enables users to work offline, disconnected from the network, and provides many replication features that
Notes users expect when working in the Notes client.
An ID file contains:
* The owner’s name. A user ID file may also contain one alternate name. A certifier ID may contain
multiple alternate names.
* A permanent license number. This number indicates that the owner is legal and specifies whether the
owner has a North American or International license to run Domino or Notes.
* At least one Notes certificate from a certifier ID. A Notes certificate is a digital signature added to a
user ID or server ID. This signature, which is generated from the private key of a certifier ID, verifies
that the name of the owner of the ID is correctly associated with a specific public key.
* A private key. Notes uses the private key to sign messages sent by the owner of the private key, to
decrypt messages sent to its owner, and, if the ID belongs to a certifier, to sign certificates.
* (Optional Notes client only) Internet certificates. An Internet certificate is used to secure SSL
connections and encrypt and sign S/MIME mail messages. An Internet certificate is issued by a
Certification Authority (CA) and verifies the identity of the user. The user’s private key associated with
an Internet certificate is stored with that certificate.
* (Optional) One or more secret encryption keys, created and distributed by users to allow other users to
encrypt and decrypt fields in a document.
Certificates
A certificate is a unique digital signature that identifies a user or server. Server and user IDs contain one
or more Notes certificates. In addition, user IDs may contain one or more Internet certificates that identify
users when they use SSL to connect to an Internet server or send a signed S/MIME mail message.
A certificate contains:
* The name of the certifier that issued the certificate.
* The name of the user or server to whom the certificate was issued.
* A public key that is stored in both the Domino Directory and the ID file. Notes uses the public key to
encrypt messages that are sent to the owner of the public key and to validate the ID owner’s signature.
* A digital signature.
* The expiration date of the certificate.
There are two kinds of ECLs: the Administration ECL, which resides in the Domino Directory
(NAMES.NSF), and the workstation ECL, which is stored in the user’s Personal Address Book
(NAMES.NSF). The Administration ECL is the template for all workstation ECLs. The workstation ECL is
created when the Notes client is first installed. The Setup program copies the administration ECL from
the Domino Directory to the Notes client to create the workstation ECL.
Hunt Group: A pool of modems that are connected to different phone lines but use a single phone number, such that each call that
comes in to that number is assigned to the next free line in the group.
DNN/NNN: A group of Domino servers that share the same protocol and the same Domino Directory, with constant connectivity.
Important files at clients: notes.ini (Configuration settings), user ID file (User name, password, certificates, Public/Private key,
Internet License), names.nsf (Connection settings, Address book), desktop6.ndk (Workspace/Welcome page settings),
bookmark.nsf (Bookmark icon settings).
Important IDs at server: server.ID, admin.ID, cert.ID, dolcert.ID
ODS: On Disk Structure (The file system used in Lotus Notes)
R4:
R5: 41
R6: 43
Domino uses two types of public and private keys -- Notes and Internet. You use the Notes public key to
encrypt fields, documents, databases, and messages sent to other Notes users, while the Notes private
key is used for decryption. Similarly, you use the Internet public key for S/MIME encryption and the
Internet private key for S/MIME decryption.
When you register a user, Domino automatically creates a Notes certificate, which contains the user’s
public keys, and adds it to the ID file and the Domino Directory. The private key is created and stored in
the ID file.
Electronic signatures
Electronic signatures are closely associated with encryption. An electronic signature verifies that the
person who originated the data is the author and that no one has tampered with the data. Users can add
an electronic signature to mail messages and to fields and sections of documents.
Transaction logging
Domino supports transaction logging for servers that run Domino 5 and later, and for databases that are
in a Domino 5 or later on-disk structure.
Transaction logging captures all the changes made to a database and writes them to a transaction log. The
logged transactions are then written to disk in a batch, either when resources are available or when
scheduled.
The default Domino Directory template (PUBNAMES.NTF) controls the appearance and functionality of
the Domino Directory database (NAMES.NSF).
Calconn: Calendar Connector is a server task which processes requests for free-time information from another server.
Sched: Schedule Manager is a server task which checks for and returns meeting times and dates and available invitees.
Amgr: Agent Manager is a server task which runs agents on one or more servers.
The calendar and scheduling features use the Schedule Manager (Sched task), the Calendar Connector (Calconn task), and the
Free Time system (a combination of Sched, Calconn, and nnotes tasks) to operate. When you install Lotus Domino 6 on a
server (any server except a directory server), the Sched and Calconn tasks are automatically added to the server’s NOTES.INI
file. When you start the server for the first time, the Schedule Manager creates a Free Time database (BUSYTIME.NSF for
non-clustered mail servers and CLUBUSY.NSF for clustered mail servers) and creates an entry in the database for each user
who has filled out a Calendar Profile and whose mail file is on that server or on one of the clustered servers.
Policy: A document which defines a set of defaults that apply to users and groups.
Types: 1. Organizational Policy 2. Explicit Policy.
Settings Documents: 1.
Policy Viewer and Policy Synopsis are the tools for checking the effective governing policy.
Certifier ID: A file that generates an electronic stamp which indicates the trust relationship.
Encryption: The public key is used for sending and encrypting, and the private key is used for receiving and decrypting.
Public Key: A key which is used for encryption of messages while they are in transit. It is stored in the Notes certificate, which is
in turn stored in the user ID and the Domino Directory.
Private Key: A key used for decryption. It is stored in User ID.
Domino Cluster: A Domino cluster is a group of two or more servers that provides users
with constant access to data, balances the workload between servers, improves server performance, and maintains performance
when you increase the size of your enterprise.
The servers in a cluster contain replicas of databases which are readily available to users at all times. If a user tries to access a
database on a cluster server that is not available, Domino opens a replica of that database on a different cluster server, if a
replica is available. Domino continuously synchronizes databases so that whichever replica a user opens, the information is
always the same.
Cluster Benefits: 1. Availability of Database: When a hardware or software problem occurs, clustered servers redirect
database open requests to other servers in the cluster to provide users with uninterrupted access to important databases. This
process is called failover.
2. Workload balancing: When users try to access databases on heavily used servers, Domino
can redirect the user requests to other cluster servers that aren’t as busy so that the workload is evenly distributed across the
cluster which leads to faster data access.
3. Scalability: As the number of users you support increases, you can easily add servers to a cluster to keep server performance
high. As your enterprise grows, you can distribute user accounts across clusters and balance the additional workload to
optimize system performance within a cluster.
4. Data synchronization: Cluster replication ensures that all changes, whether to databases or to the cluster membership itself,
are immediately passed to other databases or servers in the cluster. Thus, databases are continuously synchronized to provide
high availability of information.
5. Ease of changing operating systems, hardware, or versions of Domino: When you want to change your hardware, operating
system, or Domino release, you can mark the clustered server as RESTRICTED so that requests to access a database on the
server fail over to other cluster servers that contain replicas.
Clustering requirements:
All servers in a cluster must be connected using a high-speed local area network (LAN) or a high-speed wide area network
(WAN). You can also set up a private LAN for cluster traffic.
All servers in a cluster must use TCP/IP and be on the same Notes named network.
All servers in a cluster must be in the same Domino domain and share a common Domino Directory.
Each server in the cluster must have a hierarchical server ID. If any servers have flat IDs, you must convert them to
hierarchical IDs to use them in a cluster.
A server can be a member of only one cluster at a time.
Each server must have adequate disk space to function as a cluster member. Because clusters usually require more database
replicas, servers in clusters require more disk space than unclustered servers.
Each server must have adequate processing power and memory capacity. In general, clustered servers require more computer
power than unclustered servers.